Hi Yves,

On Sat, Jul 02, 2011 at 10:06:17AM +0200, Yves Goergen wrote:
> >> Doesn't seem to work. It's a false positive again. And Botnet recognises
> >> the incoming IPv6 address as some IPv4 address and reports that one.
> >
> > That doesn't look right - unless your munging has really messed it
> > up. BOTNET seemed to check an IPv4 address there: "2**.1**.2**.7*"
> >
> > Do a dig -x against that IPv4 address, and the 2001:***::40
> > address, and see if both have correct PTRs.
>
> I cannot interpret the results:
>
> > $ dig -x 216.191.234.70
> > ;; QUESTION SECTION:
> > ;70.234.191.216.in-addr.arpa. IN PTR

No PTR record.

> and
>
> > $ dig -x 2001:470:8900::40
> > ;; QUESTION SECTION:
> > ;0.4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.9.8.0.7.4.0.1.0.0.2.ip6.arpa.
> > IN PTR
> >
> > ;; ANSWER SECTION:
> > 0.4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.9.8.0.7.4.0.1.0.0.2.ip6.arpa.
> > 3600 IN PTR spock.dilkie.com.

PTR record exists.

SpamAssassin (or BOTNET, I'm not familiar with the code to know which
one parses the headers in this instance) is seemingly picking the
wrong Received header to work on. Could be your trusted_networks or
internal_networks settings?

If you don't mind, maybe you could send me off-list a complete copy of
the headers of this test message? I can't guarantee anything, but I'll
run it through SpamAssassin here to see if I can work anything out.

Thanks,

Matthew

-- 
Matthew Newton, Ph.D. <m...@le.ac.uk>

Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ith...@le.ac.uk>
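
Added example, not part of the message above and not SpamAssassin or BOTNET code: a simplified model of how the trusted-network list decides which Received hop gets the reverse-DNS check, showing how a list that also covers the IPv6 relay moves the check to the IPv4 hop behind it. The headers are constructed, Postfix-style, with documentation-range addresses, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample, newest hop first. All addresses are documentation ranges.
SAMPLE_RECEIVED = [
    "from mx.example.net (mx.example.net [192.0.2.10]) by mail.example.org",
    "from relay.example.com (relay.example.com [IPv6:2001:db8::40]) by mx.example.net",
    "from client (unknown [198.51.100.70]) by relay.example.com",
]

# Peer address as the receiving MTA recorded it: "(rdns [addr])".
# The HELO name before the parentheses is sender-supplied and is ignored.
PEER = re.compile(r"\(\S+ \[(?:IPv6:)?([0-9A-Fa-f:.]+)\]\)")

def relay_ip(received):
    """Return the recorded peer address of one Received header, or None."""
    m = PEER.search(received)
    if not m:
        return None
    try:
        return ipaddress.ip_address(m.group(1))
    except ValueError:
        return None

def first_untrusted_relay(headers, trusted_networks):
    """Walk hops newest-first and return the first peer outside the trusted list."""
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    for hdr in headers:
        ip = relay_ip(hdr)
        if ip is None:
            continue  # unparseable hop: skipped in this model
        if any(ip.version == n.version and ip in n for n in nets):
            continue  # trusted hop: keep walking towards the sender
        return ip
    return None

def ptr_query_name(address):
    """Name that `dig -x` queries: in-addr.arpa for IPv4, nibble ip6.arpa for IPv6."""
    return ipaddress.ip_address(str(address)).reverse_pointer

if __name__ == "__main__":
    cases = (("own MX only", ["192.0.2.0/24"]),
             ("relay's prefix trusted too", ["192.0.2.0/24", "2001:db8::/32"]))
    for label, trusted in cases:
        ip = first_untrusted_relay(SAMPLE_RECEIVED, trusted)
        print(f"{label}: checks {ip} -> PTR query {ptr_query_name(ip)}")
```

Comparing the address this prints with the one the plugin reports shows whether the trusted list, rather than header parsing, is what shifts the check to the wrong hop.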